Search in sources :

Example 1 with ComponentConcern

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.

the class ProjectMessageSummarizerTest method groupedConcernCountTest.

@Test
public void groupedConcernCountTest() {
    ComponentConcern vulnerabilityConcern1 = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-123", ComponentConcernSeverity.CRITICAL, "https://vuln-rul");
    ComponentConcern vulnerabilityConcern2 = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-456", ComponentConcernSeverity.CRITICAL, "https://vuln-rul");
    ComponentConcern vulnerabilityConcern3 = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-789", ComponentConcernSeverity.CRITICAL, "https://vuln-rul");
    ComponentConcern vulnerabilityConcern4 = ComponentConcern.vulnerability(ItemOperation.DELETE, "CVE-246", ComponentConcernSeverity.MINOR_MEDIUM, "https://vuln-rul");
    BomComponentDetails bomComponentDetails = createBomComponentDetails(List.of(vulnerabilityConcern1, vulnerabilityConcern2, vulnerabilityConcern3, vulnerabilityConcern4));
    ProjectMessage projectMessage = ProjectMessage.componentConcern(providerDetails, commonProject, commonProjectVersion, List.of(bomComponentDetails));
    ProcessedProviderMessage<ProjectMessage> processedProviderMessage = new ProcessedProviderMessage<>(Set.of(1L), projectMessage);
    ProcessedProviderMessage<SimpleMessage> summarizedSimpleMessage = projectMessageSummarizer.summarize(processedProviderMessage);
    SimpleMessage simpleMessage = summarizedSimpleMessage.getProviderMessage();
    printSimpleMessage(simpleMessage);
    testProjectStatus(simpleMessage);
    testComponentStatus(simpleMessage);
    assertEquals(4, simpleMessage.getDetails().size());
    assertEquals(3, Integer.valueOf(getDetailValue(simpleMessage.getDetails(), vulnerabilityConcern1.getSeverity().getVulnerabilityLabel(), "Vulnerabilities", ProjectMessageSummarizer.OP_PARTICIPLE_ADDED)));
    assertEquals(1, Integer.valueOf(getDetailValue(simpleMessage.getDetails(), vulnerabilityConcern4.getSeverity().getVulnerabilityLabel(), "Vulnerabilities", ProjectMessageSummarizer.OP_PARTICIPLE_DELETED)));
}
Also used : ProjectMessage(com.synopsys.integration.alert.processor.api.extract.model.project.ProjectMessage) ProcessedProviderMessage(com.synopsys.integration.alert.processor.api.extract.model.ProcessedProviderMessage) SimpleMessage(com.synopsys.integration.alert.processor.api.extract.model.SimpleMessage) ComponentConcern(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails) Test(org.junit.jupiter.api.Test)

Example 2 with ComponentConcern

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.

the class ProjectMessageSummarizerTest method summarizeComponentConcernTest.

@Test
public void summarizeComponentConcernTest() {
    ComponentConcern policyConcern = ComponentConcern.severePolicy(ItemOperation.ADD, "A severe policy", ComponentConcernSeverity.TRIVIAL_LOW, "https://severe-policy");
    ComponentConcern vulnerabilityConcern1 = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-123", ComponentConcernSeverity.CRITICAL, "https://vuln-rul");
    ComponentConcern vulnerabilityConcern2 = ComponentConcern.vulnerability(ItemOperation.UPDATE, "CVE-135", ComponentConcernSeverity.TRIVIAL_LOW, "https://vuln-rul");
    ComponentConcern vulnerabilityConcern3 = ComponentConcern.vulnerability(ItemOperation.DELETE, "CVE-246", ComponentConcernSeverity.MINOR_MEDIUM, "https://vuln-rul");
    BomComponentDetails bomComponentDetails = createBomComponentDetails(List.of(policyConcern, vulnerabilityConcern1, vulnerabilityConcern2, vulnerabilityConcern3));
    ProjectMessage projectMessage = ProjectMessage.componentConcern(providerDetails, commonProject, commonProjectVersion, List.of(bomComponentDetails));
    ProcessedProviderMessage<ProjectMessage> processedProviderMessage = new ProcessedProviderMessage<>(Set.of(1L), projectMessage);
    ProcessedProviderMessage<SimpleMessage> summarizedSimpleMessage = projectMessageSummarizer.summarize(processedProviderMessage);
    SimpleMessage simpleMessage = summarizedSimpleMessage.getProviderMessage();
    printSimpleMessage(simpleMessage);
    testProjectStatus(simpleMessage);
    testComponentStatus(simpleMessage);
    assertEquals(6, simpleMessage.getDetails().size());
    assertTrue(doesLabelExist(simpleMessage.getDetails(), policyConcern.getSeverity().getPolicyLabel(), "Policies", ProjectMessageSummarizer.OP_PARTICIPLE_VIOLATED));
    assertTrue(doesLabelExist(simpleMessage.getDetails(), vulnerabilityConcern1.getSeverity().getVulnerabilityLabel(), "Vulnerabilities", ProjectMessageSummarizer.OP_PARTICIPLE_ADDED));
    assertTrue(doesLabelExist(simpleMessage.getDetails(), vulnerabilityConcern2.getSeverity().getVulnerabilityLabel(), "Vulnerabilities", ProjectMessageSummarizer.OP_PARTICIPLE_UPDATED));
    assertTrue(doesLabelExist(simpleMessage.getDetails(), vulnerabilityConcern3.getSeverity().getVulnerabilityLabel(), "Vulnerabilities", ProjectMessageSummarizer.OP_PARTICIPLE_DELETED));
    assertTrue(simpleMessage.getDescription().contains("problems"));
}
Also used : ProjectMessage(com.synopsys.integration.alert.processor.api.extract.model.project.ProjectMessage) ProcessedProviderMessage(com.synopsys.integration.alert.processor.api.extract.model.ProcessedProviderMessage) SimpleMessage(com.synopsys.integration.alert.processor.api.extract.model.SimpleMessage) ComponentConcern(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails) Test(org.junit.jupiter.api.Test)

Example 3 with ComponentConcern

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.

the class ProjectMessageSummarizerTest method sortedConcernsTest.

@Test
public void sortedConcernsTest() {
    ComponentConcern policyConcern1 = ComponentConcern.severePolicy(ItemOperation.ADD, "A severe policy", ComponentConcernSeverity.TRIVIAL_LOW, "https://severe-policy");
    ComponentConcern policyConcern2 = ComponentConcern.severePolicy(ItemOperation.ADD, "A severe policy", ComponentConcernSeverity.BLOCKER, "https://severe-policy");
    ComponentConcern policyConcern3 = ComponentConcern.severePolicy(ItemOperation.ADD, "A severe policy", ComponentConcernSeverity.MINOR_MEDIUM, "https://severe-policy");
    ComponentConcern vulnerabilityConcern1 = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-123", ComponentConcernSeverity.CRITICAL, "https://vuln-rul");
    ComponentConcern vulnerabilityConcern2 = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-135", ComponentConcernSeverity.TRIVIAL_LOW, "https://vuln-rul");
    ComponentConcern vulnerabilityConcern3 = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-246", ComponentConcernSeverity.MINOR_MEDIUM, "https://vuln-rul");
    ComponentConcern policyConcern4 = ComponentConcern.severePolicy(ItemOperation.ADD, "A severe policy", ComponentConcernSeverity.BLOCKER, "https://severe-policy");
    ComponentConcern policyConcern5 = ComponentConcern.severePolicy(ItemOperation.ADD, "A severe policy", ComponentConcernSeverity.MAJOR_HIGH, "https://severe-policy");
    ComponentConcern policyConcern6 = ComponentConcern.severePolicy(ItemOperation.ADD, "A severe policy", ComponentConcernSeverity.CRITICAL, "https://severe-policy");
    ComponentConcern policyConcern7 = ComponentConcern.severePolicy(ItemOperation.ADD, "A severe policy", ComponentConcernSeverity.UNSPECIFIED_UNKNOWN, "https://severe-policy");
    ComponentConcern vulnerabilityConcern4 = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-123", ComponentConcernSeverity.BLOCKER, "https://vuln-rul");
    ComponentConcern vulnerabilityConcern5 = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-123", ComponentConcernSeverity.UNSPECIFIED_UNKNOWN, "https://vuln-rul");
    ComponentConcern vulnerabilityConcern6 = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-123", ComponentConcernSeverity.MAJOR_HIGH, "https://vuln-rul");
    BomComponentDetails bomComponentDetails = createBomComponentDetails(List.of(policyConcern1, policyConcern2, policyConcern3, policyConcern4, policyConcern5, policyConcern6, policyConcern7, vulnerabilityConcern1, vulnerabilityConcern2, vulnerabilityConcern3, vulnerabilityConcern4, vulnerabilityConcern5, vulnerabilityConcern6));
    ProjectMessage projectMessage = ProjectMessage.componentConcern(providerDetails, commonProject, commonProjectVersion, List.of(bomComponentDetails));
    ProcessedProviderMessage<ProjectMessage> processedProviderMessage = new ProcessedProviderMessage<>(Set.of(1L), projectMessage);
    ProcessedProviderMessage<SimpleMessage> summarizedSimpleMessage = projectMessageSummarizer.summarize(processedProviderMessage);
    SimpleMessage simpleMessage = summarizedSimpleMessage.getProviderMessage();
    printSimpleMessage(simpleMessage);
    // There are a total of 14 details, the latter 12 being policies and vulnerabilities sorted by type then severity
    assertEquals(14, simpleMessage.getDetails().size());
    List<LinkableItem> details = simpleMessage.getDetails();
    assertTrue(details.get(2).getLabel().contains(ComponentConcernSeverity.BLOCKER.getPolicyLabel()));
    assertTrue(details.get(3).getLabel().contains(ComponentConcernSeverity.CRITICAL.getPolicyLabel()));
    assertTrue(details.get(4).getLabel().contains(ComponentConcernSeverity.MAJOR_HIGH.getPolicyLabel()));
    assertTrue(details.get(5).getLabel().contains(ComponentConcernSeverity.MINOR_MEDIUM.getPolicyLabel()));
    assertTrue(details.get(6).getLabel().contains(ComponentConcernSeverity.TRIVIAL_LOW.getPolicyLabel()));
    assertTrue(details.get(7).getLabel().contains(ComponentConcernSeverity.UNSPECIFIED_UNKNOWN.getPolicyLabel()));
    assertTrue(details.get(8).getLabel().contains(ComponentConcernSeverity.BLOCKER.getVulnerabilityLabel()));
    assertTrue(details.get(9).getLabel().contains(ComponentConcernSeverity.CRITICAL.getVulnerabilityLabel()));
    assertTrue(details.get(10).getLabel().contains(ComponentConcernSeverity.MAJOR_HIGH.getVulnerabilityLabel()));
    assertTrue(details.get(11).getLabel().contains(ComponentConcernSeverity.MINOR_MEDIUM.getVulnerabilityLabel()));
    assertTrue(details.get(12).getLabel().contains(ComponentConcernSeverity.TRIVIAL_LOW.getVulnerabilityLabel()));
    assertTrue(details.get(13).getLabel().contains(ComponentConcernSeverity.UNSPECIFIED_UNKNOWN.getVulnerabilityLabel()));
}
Also used : LinkableItem(com.synopsys.integration.alert.common.message.model.LinkableItem) ProjectMessage(com.synopsys.integration.alert.processor.api.extract.model.project.ProjectMessage) ProcessedProviderMessage(com.synopsys.integration.alert.processor.api.extract.model.ProcessedProviderMessage) SimpleMessage(com.synopsys.integration.alert.processor.api.extract.model.SimpleMessage) ComponentConcern(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails) Test(org.junit.jupiter.api.Test)

Example 4 with ComponentConcern

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.

the class ProjectMessageToIssueModelTransformerTest method convertToIssueModelsForPolicyTest.

@Test
public void convertToIssueModelsForPolicyTest() {
    ComponentConcern policyConcern = ComponentConcern.policy(ItemOperation.ADD, COMPONENT_POLICY_1.getPolicyName(), "https://policy");
    BomComponentDetails bomComponentDetails = createBomComponentDetails(policyConcern);
    ProjectMessage projectMessage = ProjectMessage.componentConcern(PROVIDER_DETAILS, PROJECT, PROJECT_VERSION, List.of(bomComponentDetails));
    ProjectMessageToIssueModelTransformer modelTransformer = new ProjectMessageToIssueModelTransformer();
    List<ProjectIssueModel> policyIssueModels = modelTransformer.convertToIssueModels(projectMessage);
    assertEquals(1, policyIssueModels.size());
    ProjectIssueModel policyIssueModel = policyIssueModels.get(0);
    assertRequiredDetails(policyIssueModel);
    Optional<IssuePolicyDetails> optionalPolicyDetails = policyIssueModel.getPolicyDetails();
    assertTrue(optionalPolicyDetails.isPresent(), "Expected policy details to be present");
    IssuePolicyDetails policyDetails = optionalPolicyDetails.get();
    assertEquals(policyConcern.getName(), policyDetails.getName());
    assertEquals(policyConcern.getOperation(), policyDetails.getOperation());
    assertEquals(policyConcern.getSeverity(), policyDetails.getSeverity());
}
Also used : ProjectMessage(com.synopsys.integration.alert.processor.api.extract.model.project.ProjectMessage) IssuePolicyDetails(com.synopsys.integration.alert.api.channel.issue.model.IssuePolicyDetails) ProjectIssueModel(com.synopsys.integration.alert.api.channel.issue.model.ProjectIssueModel) ComponentConcern(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails) IssueBomComponentDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails) Test(org.junit.jupiter.api.Test)

Example 5 with ComponentConcern

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.

the class ProjectMessageToIssueModelTransformerTest method convertToIssueModelsForComponentUnknownVersionTest.

@Test
public void convertToIssueModelsForComponentUnknownVersionTest() {
    ComponentConcern unknownComponentConcern = ComponentConcern.unknownComponentVersion(ItemOperation.ADD, "Component01", ComponentConcernSeverity.MAJOR_HIGH, 2, "https://synopsys.com");
    BomComponentDetails bomComponentDetails = createBomComponentDetails(unknownComponentConcern);
    ProjectMessage projectMessage = ProjectMessage.componentConcern(PROVIDER_DETAILS, PROJECT, PROJECT_VERSION, List.of(bomComponentDetails));
    ProjectMessageToIssueModelTransformer modelTransformer = new ProjectMessageToIssueModelTransformer();
    List<ProjectIssueModel> policyIssueModels = modelTransformer.convertToIssueModels(projectMessage);
    assertEquals(1, policyIssueModels.size());
    ProjectIssueModel unknownVersionIssueModel = policyIssueModels.get(0);
    assertRequiredDetails(unknownVersionIssueModel);
    Optional<IssueComponentUnknownVersionDetails> optionalDetails = unknownVersionIssueModel.getComponentUnknownVersionDetails();
    assertTrue(optionalDetails.isPresent(), "Expected unknown component details to be present");
    IssueComponentUnknownVersionDetails details = optionalDetails.get();
    assertEquals(ItemOperation.ADD, details.getItemOperation());
    assertEquals(1, details.getEstimatedRiskModelList().size());
    IssueEstimatedRiskModel estimatedRiskModel = details.getEstimatedRiskModelList().get(0);
    assertEquals(ComponentConcernSeverity.MAJOR_HIGH, estimatedRiskModel.getSeverity());
    assertEquals("Component01", estimatedRiskModel.getName());
    assertEquals(2, estimatedRiskModel.getCount());
    assertTrue(estimatedRiskModel.getComponentVersionUrl().isPresent());
}
Also used : IssueComponentUnknownVersionDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueComponentUnknownVersionDetails) ProjectMessage(com.synopsys.integration.alert.processor.api.extract.model.project.ProjectMessage) IssueEstimatedRiskModel(com.synopsys.integration.alert.api.channel.issue.model.IssueEstimatedRiskModel) ProjectIssueModel(com.synopsys.integration.alert.api.channel.issue.model.ProjectIssueModel) ComponentConcern(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails) IssueBomComponentDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails) Test(org.junit.jupiter.api.Test)

Aggregations

ComponentConcern (com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern)24 BomComponentDetails (com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails)13 ProjectMessage (com.synopsys.integration.alert.processor.api.extract.model.project.ProjectMessage)9 LinkedList (java.util.LinkedList)9 Test (org.junit.jupiter.api.Test)7 ItemOperation (com.synopsys.integration.alert.common.enumeration.ItemOperation)6 LinkableItem (com.synopsys.integration.alert.common.message.model.LinkableItem)6 ProcessedProviderMessage (com.synopsys.integration.alert.processor.api.extract.model.ProcessedProviderMessage)5 SimpleMessage (com.synopsys.integration.alert.processor.api.extract.model.SimpleMessage)5 HttpUrl (com.synopsys.integration.rest.HttpUrl)5 IssueBomComponentDetails (com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails)4 ProjectIssueModel (com.synopsys.integration.alert.api.channel.issue.model.ProjectIssueModel)4 BlackDuckMessageBomComponentDetailsCreator (com.synopsys.integration.alert.provider.blackduck.processor.message.service.BlackDuckMessageBomComponentDetailsCreator)4 ProjectVersionComponentVersionView (com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView)4 BlackDuckApiClient (com.synopsys.integration.blackduck.service.BlackDuckApiClient)4 IntegrationRestException (com.synopsys.integration.rest.exception.IntegrationRestException)4 IssueComponentUnknownVersionDetails (com.synopsys.integration.alert.api.channel.issue.model.IssueComponentUnknownVersionDetails)3 IssueEstimatedRiskModel (com.synopsys.integration.alert.api.channel.issue.model.IssueEstimatedRiskModel)3 IssueVulnerabilityDetails (com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails)3 ComponentConcernType (com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcernType)3